Ecommerce on the cheap ?

Data Protection Act, PCI DSS etc .etc.

Do it on the cheap and it's going to come back and bite you on the backside. Someone's going to come along an nick your database via a SQL injection attack that a five year old could have avoided.

Don't get me wrong, I'm not saying you have to spend millions. I'm just saying it's probably worthwile spending a little bit of money on an established piece of software that has been around a while.....

You should preferably also have a budget for regular penetration testing (NOT just simplistic automated vulnerability scans) if you are planning to make a serious ecommerce business out of this venture.

Sorry, but it's the facts. Ecommerce in 2010 is highly compeitive, and operates in an environment where security exploits take ever less effort to deploy. You've got a lot of challenges as an e-commerce newcomer..... I assume you've got no pre-existing established brand that will drive traffic to your site .... in which case security becomes an even greater aspect of gaining the trust of potential shoppers.

Whichever way you choose to go..... good luck !